⚜️
DFS CheckList
  • What is DFS Checklist?
  • Scope
    • What is a scope?
    • How to define a scope for DeFi app?
  • Checklist
    • Scope is defined
      • Scope is described
      • Personnel is listed
    • Network security
      • Network rules defined and saved
      • Network rules implemented
    • Third party software security
      • Software listed
      • Software configured
    • Inhouse software security
      • Software listed
      • Software configured
    • Access Control Measures
      • Identify Users and Authenticate Access to System Components
      • Restrict Access to System Components by Business Need to Know
    • Monitoring and Alerting
      • Log and Monitor All Access to the Scope
      • Setup alerting for critical events
    • Security routines
      • Complience controls
Powered by GitBook
On this page

What is DFS Checklist?

DFSS (Decentralized Finance Security CheckList) — is a list of requirements to IT infrastructure. Compliance with these requirements provides a basic level of information security. This checklist is based on key insights drawn from industry-leading standards, including PCI DSS, ISO 27002, and the NIST 800 series, combined with the personal expertise and experience of foundation members. These insights were carefully filtered, organized, and refined to create an accessible and practical tool tailored for the decentralized finance sector.

What does it mean in practice? Let's start with definitions. Information Security usually defined by CIA Triad—which stands for Confidentiality, Integrity, and Availability. It helps guide how organizations and individuals protect data.

  1. Confidentiality

    • What it means: Ensuring that only authorized users or systems have access to data.

    • Why it matters in InfoSec: Information security solutions and policies (like access controls, encryption, and secure authentication) are designed to keep sensitive information confidential.

  2. Integrity

    • What it means: Maintaining data accuracy and completeness throughout its lifecycle.

    • Why it matters in InfoSec: InfoSec measures ensure that data has not been changed without proper authorization.

  3. Availability

    • What it means: Making sure information and resources are accessible to authorized users when needed.

    • Why it matters in InfoSec: InfoSec practices ensure backup systems, redundancy, and incident response plans are in place.

A "basic level" of cybersecurity consists of core practices aimed at minimizing the most common risks for individuals and organizations. But where and how should these practices be implemented? The collection of IT systems where these fundamental practices are applied is referred to as the scope.

NextWhat is a scope?

Last updated 2 months ago